ACE Integration with the Cisco Catalyst 6500 Configuration Example

From DocWiki

Contents

Introduction

This example shows how to allocate VLANs to the ACE module so the ACE module can be interconnected to the network.

Design

In simple scenario, the MSFC is sharing VLANs with the ACE modules the basic VLAN structure is as follows:

VLAN Names

Common names for Datacenter VLANs

VLAN ID

Public VLAN

ACE Client VLAN

VLAN 10

Private VLAN

ACE Server VLAN

VLAN 20

When allocating VLANs to a vlan-group, be aware a specific VLAN can only be allocated to one vlan-group. This requirement can dictate the use of multiple vlan-groups. In the common scenario where we have both FWSM and ACE modules where the basic VLAN structure is as follows:

VLAN Names

Common names for Datacenter VLANs

VLAN ID

Internet Facing VLAN

FWSM Outside

VLAN 10

DMZ VLAN

FWSM Inside

VLAN 20

DMZ VLAN

ACE Client VLAN

VLAN 20

Private VLAN

ACE Server VLAN

VLAN 30

Configuration

In this example of a simple scenario, VLANs 10 and 20 need to be allocated to the ACE module:

In this example, intuitively VLANs 10 and 20 need to be allocated to the FWSM and VLANs 20 and 30 allocated to the ACE module. Due to the vlan-group constraint, an additional vlan-group must be allocated for the shared VLAN between the FWSM and ACE modules.

Comments

Notice either firewall or svclc commands can be used to define a vlan-group. However, the firewall command must be used to allocate vlan-groups to a FWSM, and the svclc command must be used to allocate vlan-groups to an ACE module. Once VLANs have been allocated to the ACE module the process of virtualization and resource allocation can begin.